After you complete your risk assessment, you must then translate it into a risk profile. If your estimate of where your bribery risk is greatest is wrong, it will be an effort to address it. As Ben Locwin explained in his BioProcess International article, entitled “Quality Risk Assessment and Management Strategies for Biopharmaceutical Companies”:

Once we have assessed risks and determined a process that includes options to resolve and manage those risks whenever appropriate, then we can decide the level of resources with which to prioritize them. There always will be latent risks: those that we understand are there but that we cannot chase forever. But we need to make sure we have classified them correctly. With a good understanding of each of these, we are in a better position to speak about the quality of our businesses.

William C. Athanas, in his Industry Week article, “Rethinking FCPA Compliance Strategies in a New Era of Enforcement”, posited that companies assume that FCPA violations follow a bell curve in which most employees are responsible for most of the violations. However, Athanas believed that the distribution pattern more closely follows a hockey-stick distribution, where virtually all violations are committed by just a few people. Athanas concluded by noting that it is this limited group of employees, or what he terms the “shaft of the hockey-stick,” to which a company should devote the majority of its compliance resources. With a proper risk assessment, a company can then focus its compliance efforts, such as intensive training sessions or detailed analysis of key financial transactions, on those employees with the greatest means and motive to commit a violation.

The most significant risks with the greatest likelihood of occurring are deemed to be the priority risks. These become the focus of your most significant risk management efforts, coupled with audit and monitoring going forward. A variety of tools can be used to continuously monitor risk going forward. Consider providing employees with substantive training to guard against the most significant risks coming to pass and to keep the key messages fresh and top of mind. It is important to create a risk control summary that succinctly documents the nature of the risk and the actions taken to mitigate it. Finally, let this risk assessment and evaluation inform your compliance program, rather than letting the compliance program inform the risk assessment.

Three key takeaways:

  1. Even after you complete your risk assessment, you must evaluate those risks for your company.
  2. The DOJ and SEC are looking for a well-reasoned approach on how you evaluate your risk.
  3. Create a risk matrix and rank your risks; then remediate and monitor as appropriate.

Tom and Nick Gallo discuss The Infinite Game by Simon Sinek. The author emphasizes that the game of business is not a short game but a long one, and leaders need to play the long game in order to be successful. Nick comments that making sure that your company is working together for the betterment of your employees – not just for profit – is crucial, and a vital part of playing the long game. Tom mentions Jeff Bezos as an example of a business leader who plays the long game.



Simon Sinek is an author and inspirational speaker. He explores how leaders can inspire cooperation, trust and change.

Listeners can read Nick’s notes on each book at his LinkedIn page.




The Infinite Game by Simon Sinek

The Carrasco case is a cross-border financial crime that is worth revisiting. Its lessons remain as relevant today as they were in 1998 when the fraud first erupted.

Join us each week as we take a deep dive into the various forms of fraud across the world and discuss crime families, penny stock boiler rooms, international money launderers, narco-traffickers, oligarchs, dictators, warlords, kleptocrats and more.

Scott Moritz is a leading authority on white-collar crime and anti-corruption, and in the evaluation, design, remediation, implementation, and administration of corporate compliance programs and codes of conduct. He is also considered an authority in the establishment, training, and oversight of the investigative protocols carried out by financial intelligence, corporate security, and internal audit units.


It is certainly a challenging time for the American Democracy. For his high crimes and misdemeanors against the Constitution and American democracy, President Trump has now been impeached for a second time. In the midst of this, Tom and Jay are back to look at some of the top compliance articles and stories which caught their eye this week.

  1. Recidivist Deutsche Bank settles a second FCPA matter. Tom takes a 5-part deep dive on the FCPA Compliance and Ethics Blog. Matt Kelly looks at red flags and internal controls on Radical Compliance. Tom and Matt take a deep dive on Compliance into the Weeds.
  2. How the FCPA is big business. Harry Cassin explains in the FCPA Blog.
  3. Is an industry sweep headed your way? Dick Cassin explains in the FCPA Blog.
  4. Why you should welcome the NDAA? Matthew Stephenson in GAB. Jonathan Marks on Board and Fraud.
  5. How to use KPIs in your compliance program. Vera Cherapanova in the FCPA Blog.
  6. What are your Board resolutions for 2021? Steve Durbin in CCI.
  7. 2020 was a year of ethical challenges. Mike Volkov explains in Corruption Crime and Compliance.
  8. What are the C-Suite challenges brought on by Covid-19? Shanil Williams in CCI.
  9. A new month is here and a new guest on The Compliance Life: Gwen Hassan, Director of Compliance at CNH Industrial. In this month’s second episode, we take up the tricky issue of balancing a role as a legal eagle for the company as well as her role in compliance. We also explore the different skill set needed for each of these careers and how it is possible to have both in one person. Check out the episode here.
  10. This month, on 31 Days to a More Effective Compliance Program, I look back over 2020 and set out some of the key enhancements you need to do for your compliance program in 2021. Day 9 | 360 Degrees of Compliance Communications; Day 10 | The Use of Social Media in Compliance; Day 11 | What is Effective Compliance Training?; Day 12 | Financial Incentives for Compliance; Day 13 | Institutional Justice and Fairness; Day 14 | Risk Assessments; and Day 15 | How do you evaluate a risk assessment? Note 31 Days to a More Effective Compliance Program now has its own iTunes channel.
  11. Join Tom on the Convercent event, “Future-proof your compliance program for 2021”, on Wednesday, January 20th | 11:00 am -1:00 pm ET. For details and registration, click here.
  12. Join K2 Integrity on January 27 to hear Olivia Allison and Joanne Taylor discuss the latest EU regulatory developments in whistleblowing programs and investigations. Information and Registration here.
  13. Compliance Week is accepting nominations for its Excellence in Compliance Award. Submit your nominee here.

Tom Fox is the Compliance Evangelist and Jay Rosen is Mr. Monitor.

JANUARY 15, 2020 2021 BY TOM FOX

In today’s edition of Daily Compliance News:

  • Toyota spanked for emissions defect reporting. (WSJ)
  • NDAA expanded reporting from foreign banks. (WSJ)
  • FAA cracks down on unruly passengers. (NYT)
  • Has pandemic changed entertainment–forever? (WaPo)